Avatier Bolsters Self-Service Password Reset with MFA
April 10, 2024 Alex Woodie
Self-service password reset cuts both ways. On one hand, users want convenient ways to reset passwords they invariably will forget. On the other, events like the recent MGM cyberattack show that more thorough user authentication is required. The folks at identity management solution provider Avatier think they have come up with a novel way to satisfy both camps – without getting cut in the process.
You might not have heard about Avatier, but the Pleasanton, California, has been quietly serving the single sign-on (SSO) and identity management needs of IBM i shops for the past 24 years. It’s integrated directly with payroll, human resources, hotel management, and casino operations using applications developed by Infinium, Kronos, Stratton Warren, and Agilysys, among others.
Avatier tells IT Jungle it supports the IBM i platform (along with the IBM mainframe) across many of its products, including Self-Service Password Reset (SSPR), Identity Governance and Administration (IGA), Identity & Access Management (IAM), Lifecycle Management, Access Governance, and Risk-based Authentication.
With the 2024 release of SSPR unveiled in March, Avatier is bolstering the product’s authentication capabilities to ensure that the person requesting the password reset is actually who they claim to be.
The company says it has developed a patent-pending technique for human-assisted multi-factor authentication, dubbed MFA-V, that reduces the odds of a bad password reset, such as the one that ultimately doomed MGM to a hack that cost it in excess of $100 million last fall.
“Everyone has a self-service password reset solution,” the company says in a press release, “but what good is it if it does not have assisted reset for your staff to securely confirm the identity of your workforce and prevent data breaches due to weak verifications of user identity when they call the helpdesk?”
The company says SSPR addresses that concern by integrating the self-service password reset with the customers’ existing MFA solutions, thereby providing another layer of protection by verifying the identity of the person requesting the password reset. No enrollment is necessary “for most MFA providers,” the company says. The SSPR offering can also work with other password reset utilities that a customer might already be using, Avatier says.
In the March announcement, Avatier CEO Nelson Cicchitto recalled a conversation he had regarding the process of authenticating users requesting a password reset.
“During the pandemic, a US Government security agency reached out to Avatier to ask us for a way to uniquely identify government employees who are working at home so they could reset their PIV card PIN (Badge PIN) without requiring employees to leave their house and drive into the office for ID confirmation,” Cicchitto said in the press release. “I told him that the timing was perfect as Avatier was working on a patent to address a similar issue.”
Cicchitto always wondered why used MFA when we logged in to a cloud service. “But when we called that cloud service provider for assistance, we were always prompted with many questions most of which were already found on the Internet,” he said. “Why don’t we use the same method for both?”
The new MFA-V capability in 2024 SSPR supports IBM i and is available now. For more information, check out the company’s website at www.avatier.com.
